def WrapCredentials(self, http_client, allow_account_impersonation=True, use_google_auth=None): """Get an http client for working with Google APIs. Args: http_client: The http client to be wrapped. allow_account_impersonation: bool, True to allow use of impersonated service account credentials for calls made with this client. If False, the active user credentials will always be used. use_google_auth: bool, True if the calling command indicates to use google-auth library for authentication. If False, authentication will fallback to using the oauth2client library. If None, set the value based the configuration. Returns: An authorized http client with exception handling. Raises: c_store.Error: If an error loading the credentials occurs. """ # Wrappers for IAM header injection. authority_selector = properties.VALUES.auth.authority_selector.Get() authorization_token_file = ( properties.VALUES.auth.authorization_token_file.Get()) handlers = _GetIAMAuthHandlers(authority_selector, authorization_token_file) if use_google_auth is None: use_google_auth = base.UseGoogleAuth() creds = store.LoadIfEnabled(allow_account_impersonation, use_google_auth) if creds: http_client = self.AuthorizeClient(http_client, creds) # Set this attribute so we can access it later, even after the http_client # request method has been wrapped setattr(http_client, '_googlecloudsdk_credentials', creds) self.WrapRequest(http_client, handlers, _HandleAuthError, (client.AccessTokenRefreshError, google_auth_exceptions.RefreshError)) return http_client
def Http(timeout='unset', response_encoding=None, ca_certs=None, enable_resource_quota=True, force_resource_quota=False, allow_account_impersonation=True, use_google_auth=None): """Get an httplib2.Http client for working with the Google API. Args: timeout: double, The timeout in seconds to pass to httplib2. This is the socket level timeout. If timeout is None, timeout is infinite. If default argument 'unset' is given, a sensible default is selected. response_encoding: str, the encoding to use to decode the response. ca_certs: str, absolute filename of a ca_certs file that overrides the default enable_resource_quota: bool, By default, we are going to tell APIs to use the quota of the project being operated on. For some APIs we want to use gcloud's quota, so you can explicitly disable that behavior by passing False here. force_resource_quota: bool, If true resource project quota will be used by this client regardless of the settings in gcloud. This should be used for newer APIs that cannot work with legacy project quota. allow_account_impersonation: bool, True to allow use of impersonated service account credentials for calls made with this client. If False, the active user credentials will always be used. use_google_auth: bool, True if the calling command indicates to use google-auth library for authentication. If False, authentication will fallback to using the oauth2client library. If None, set the value based on the configuration. Returns: 1. A regular httplib2.Http object if no credentials are available; 2. Or a httplib2.Http client object authorized by oauth2client credentials if use_google_auth==False; 3. Or a google_auth_httplib2.AuthorizedHttp client object authorized by google-auth credentials. Raises: c_store.Error: If an error loading the credentials occurs. """ http_client = http.Http(timeout=timeout, response_encoding=response_encoding, ca_certs=ca_certs) if use_google_auth is None: use_google_auth = base.UseGoogleAuth() request_wrapper = RequestWrapper() http_client = request_wrapper.WrapQuota( http_client, enable_resource_quota, force_resource_quota, allow_account_impersonation, use_google_auth) http_client = request_wrapper.WrapCredentials(http_client, allow_account_impersonation, use_google_auth) if hasattr(http_client, '_googlecloudsdk_credentials'): creds = http_client._googlecloudsdk_credentials # pylint: disable=protected-access if core_creds.IsGoogleAuthCredentials(creds): apitools_creds = _GoogleAuthApitoolsCredentials(creds) else: apitools_creds = creds # apitools needs this attribute to do credential refreshes during batch API # requests. setattr(http_client.request, 'credentials', apitools_creds) return http_client